Corporate cyber attackers have a lot of vulnerabilities to exploit: job hunters, employees looking for love, lazy screening of connections in social media apps and our simple human quest to connect with others. Kind of makes you want to be antisocial, right?
How can defenders cope with this barrage of social engineering opportunities? And how can businesses afford it? Here are three considerations for network defense that can strengthen any enterprise’s posture against a breach from social cyber for little to no cost, allowing you to stay social AND safe:
Is it bigger than a breadbox?
Any effective and efficient cyber defense has to begin with this basic question. How great is the threat that I face? Defenders must gauge what information they need to protect and what kind of cyber network defense response is appropriate. Some enterprises’ information may be too valuable to allow for taking social risks. Depending on the value of information and risks, do you outsource security or develop it internally? Naturally, securing data at McDonalds takes a different approach than securing the NSA; but what, specifically? What percentage of transactions are credit cards? How would a breach be insured? What would be the economic impact of losing 10 percent of your business after an exposure? Or possibly the impact to the security of the United States and its most critical, secured information? Answering questions such as these will inform you how to best approach your cyber defense.
The best things in life are free.
Security can be matured with little to no cost using the right tradecraft or the thoughtful and skilled analysis of a seasoned network defender. Identify your existing resources and tune them to disrupt the threats your enterprise actually faces. With that understanding, you can add additional defenses for greater resiliency against those threats. This is far more valuable than integrating a popular but costly tool into existing processes. Take spear phishing, for example—the largest attack vector. Tagging external emails at the gateway as “EXTERNAL” in the message header gives employees a chance to act appropriately and serves as a flag that they should assess whether the email should be trusted. And the cost is low.
It’s not you; it’s me.
The question is not whether you should buy a given tool because others are buying it or because it scores well in a magic quadrant; rather, focus on how a given tool would fit into your current defenses. Does it overlap or conflict with existing tools? If it provides additional functionality, is there another tool that provides a similar function for significantly lower cost? It is, after all, all about you. Additionally, take note of how you are using what you already have. Are you leveraging the information about attempted and successful breaches on your own environment? Implementing a relatively simple knowledge management tool that can be rapidly searched and store information about potential threats is the most fundamental step to embracing intelligence-driven defense.
By examining your current cybersecurity posture and the considerations above, you can take your enterprise from being vulnerable to possible “social” risks to a strong and stable intelligence-driven network defense. Being social does not mean you cannot also be secure.
About the Author
Greg Boison is the Lockheed Martin director of Homeland and Cyber Security. He leads a team of more than seven hundred employees and subcontractors supporting the Department of Homeland Security and Federal cyber customers.